NetBSD-Users archive


Re: IP aliasing




On Wed, 18 Jun 2008, DAve wrote:

> Good morning,
> 
> I have been told by my Network Administrator that we will be changing IP
> blocks for several key services very soon. I have three new DNS servers
> running NetBSD on the new IP block already. I also have two legacy DNS servers
> (also on NetBSD) that I need to drag along behind me for a few more months.
> 
> My new IP block is 65.124.104.X and my old IP block is 65.196.224.X. Is it
> possible to have a single machine answer for both IPs on a single interface?
> The network Gods claim they can route the traffic to me no problem, but I am
> unsure how to configure the alias for the interface.
> 
> Old address: 65.196.224.2
> Netmask: 255.255.255.0
> Gateway: 65.196.224.1
> 
> New address: 65.124.104.25
> Netmask: 255.255.255.224
> Gateway: 65.124.104.1
> 
> Is it even possible to alias the old address with the new gateway?

You can have both IPs on the same interface with:

ifconfig intX inet 65.124.104.25/27
ifconfig intX inet 65.196.224.2/24 alias

As for the default routes:

Depends on what you're trying to do - I think you're going to have to talk 
to your local network guys. If the machines that are trying to reach the 
old IPs are reachable via the new gateway (and the new gateway won't be 
confused by packets coming from old IPs coming in on its new IP 
interface[1]), then just set the default route to the new gateway and be 
done with it.

There is no straightforward way on NetBSD to have two default routes, but 
if the set of machines that want to talk to the old IPs is known then you 
can add routes to just them via the old gateway with:

route add -net oldmachinesnetblock/mask 65.196.224.1

The other way is to use ipf 'fastroute' rule to shift the packets around 
manually, something like:

pass out on intX fastroute intX : 65.196.224.1 from 65.196.224.2/24 to any

(You'll need to test that carefully, I may have the syntax wrong. Tcpdump 
is your friend; run it from a machine other than the server you're testing,
so you can see what's going on on the wire. Oh, and consider pf as well 
(look for the 'route-to' option).)

[1] I am making assumptions about your network setup here, they may be 
wrong.

- -- 
[http://pointless.net/]                                   [0x2ECA0975]
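Added example, not part of the original message: one way to do the tcpdump check the reply recommends, by reading `tcpdump -e -n` output captured on another machine and flagging frames the server sent to the wrong gateway. The MAC addresses, the remote client addresses and the sample capture are constructed placeholders; the server addresses and netmasks are the ones from the thread.

```python
import ipaddress
import re

# Server source address -> (its on-link subnet, MAC of the gateway it must use).
# The MACs are constructed placeholders; substitute the real gateway MACs.
SERVER_ADDRS = {
    "65.196.224.2": (ipaddress.ip_network("65.196.224.0/24"), "02:00:00:00:00:01"),
    "65.124.104.25": (ipaddress.ip_network("65.124.104.0/27"), "02:00:00:00:00:02"),
}

# Matches Ethernet/IPv4 lines of `tcpdump -e -n`; ports are optional (ICMP has none).
LINE_RE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 .*?: "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)


def misrouted(lines):
    """Return (src, dst, dst_mac) for frames that left via the wrong gateway."""
    bad = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["src"] not in SERVER_ADDRS:
            continue  # not IPv4, or not sent by the server under test
        dst = ipaddress.ip_address(m["dst"])
        if any(dst in net for net, _ in SERVER_ADDRS.values()):
            continue  # on-link peer: delivered directly, no gateway involved
        gw_mac = SERVER_ADDRS[m["src"]][1]
        if m["dmac"] != gw_mac:
            bad.append((m["src"], m["dst"], m["dmac"]))
    return bad


# Constructed capture: line 2 is a reply from the old address sent to the new gateway.
SAMPLE = """\
12:00:01.000001 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 87: 65.196.224.2.53 > 192.0.2.10.40000: 4242*- 1/0/0 A 203.0.113.5 (45)
12:00:02.000001 02:00:00:00:00:10 > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 87: 65.196.224.2.53 > 198.51.100.7.40001: 4243*- 1/0/0 A 203.0.113.5 (45)
12:00:03.000001 02:00:00:00:00:10 > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 87: 65.124.104.25.53 > 192.0.2.10.40002: 4244*- 1/0/0 A 203.0.113.5 (45)
12:00:04.000001 02:00:00:00:00:10 > 02:00:00:00:00:33, ethertype IPv4 (0x0800), length 98: 65.196.224.2 > 65.196.224.77: ICMP echo reply, id 1, seq 1, length 64
""".splitlines()

if __name__ == "__main__":
    for src, dst, mac in misrouted(SAMPLE):
        print(f"{src} -> {dst} left via {mac}, not the gateway for {src}")
```

The expected-gateway table here models the source-routed setup (fastroute or route-to); if you instead point the default route at the new gateway, map both addresses to the new gateway's MAC.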

